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Secure means for communicating watermark related copy-protection information in a PC. 



Introduction 

The invention relates to an arrangement for receiving via a transfer 
signal encoded content information and supplemental information, which content information 
5 comprises a watermark at least partly representing the supplemental information, the 
arrangement comprising a receiver device for receiving the transfer signal, a detector for 
detect ng watermark information in dependence on the watermark, and a decoder coupled to 
an output of the receiver device for decoding the content information, which receiver device 
comprises control means for controlling the reproduction of the content information in 
10 dependence on the supplemental information. 



Such a transfer system is known from WO 97/13248 (PHN 15391). In the 
transfer system information is transferred from the transmitter via a transfer signal to a 

IS receiver device, e.g. from a video producer via an optical disc to a disc drive for playback- The 
document describes that video and audio content is increasingly transmitted and recorded in a 
digitally encoded form, for example, an MPEG bitstream. There is a growing need to transfer 
supplemental information logically related to the content information, which supplemental 
information is intended for controlling the reproduction of the content information. The 

20 supplemental information may comprise information on the rights of the owner or originator 
of the content information. For example a marker is to be accommodated in such an encoded 
signal so as to classify the encoded signal as authentic program material. Marking digital 
signal:* is particularly useful in copy protection applications, wherein the supplemental 
information indicates the copyright status. Therefore the supplemental information should be 

25 protected against manipulation. The mark, also referred to as watermark, can effectively take 
the foirn of a multi-bit watermark pattern representing some supplemental information, e.g. 
indicaing that the encoded signal constitutes copy protected content. In a digital video system, 
e.g. besed on the digital videodisc (DVD), copy control can be based on detection of electronic 
watermarking. Watermarks are minor, imperceptible modifications to the video, which can be 
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detect 5d electronically. Such watermarks can be resistant to typical signal processing, 
including format conversions (e.g. PAL to NTSC). and can be detected to retrieve copyright 
information about the video. Watermarks are used for playback control. The basic idea of 
playback control is thai any drive refuses to pass video content if that content contains a 

5 watennark that classifies the video as being no-copy while that video is found on a recordable 
medium. Hence playback control requires detection of the watennark within the drive, and a 
detector should be on the same chip as the drive control electronics or on the same circuit 
board in the drive. Noise-like, pixel-domain watermarks are not suitable for detection by a 
detector in the receiver device, because the complexity of the detector has to remain below a 

10 few thousand gates, as drives and DVD RAM recorders are designed as simple storage devices 
without any 'intelligence' to interpret data. Watermark detection would imply that such devicea 
have process the content data, e.g. to demultiplex and interpret MPEG video streams, at least 
including run-length Huffman decoding of DCT coefficients. Hence a requirement of 
simplicity of playback control can not effectively be met by pixel-domain watermarks. So the 

IS known system has the problem, that the drive must be provided with a complex watermark 
detector. 



Another arrangement for receiving via a transfer signal encoded content 
20 information and supplemental information which content information comprises a watermark 
at least partly representing the supplemental information, the arrangement comprising a 
receiver device for receiving the transfer signal, a detector for detecting watermark 
information in dependence on the watermark, and a decoder coupled to an output of the 
receiver device for decoding the content information, which receiver device comprises control 
mean*, for controlling the reproduction of the content information in dependence on the 
supplemental information, is known from WO99/11064 (PHN 16S17). Embodiments relating 
to this arrangement for receiving via a transfer signal encoded content information and 
supplemental information can be found in WO99/11064 (PHN 16517). 

It is an object of the invention to provide a more flexible system for controlling 
the playback of content information in dependence of supplemental information. 
DVD- Video material is currently protected by the DVD-FORUM Content Scrambling System 
(CSS). The content providers are looking for ways to enhance this protection system and are 
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requeuing additional layers of protection for their BP. A set of proposals for a new Content 
Prowaion System (CPS) is being considered at the CPTWG based on watermarking the Video 
content. (CPTWG = Copy-protection Technical Working Group, a copy-protection 
discus^ion/standardizadon forum of consumer electionics-, IT- and film-industries, convening 

5 month .y in Burbank, CA). 

This v. atermark is used to effectuate both playback- and record-control. Record control 
implies that a recorder refuses to make a copy of a piece of video that contains an appropriate 
copy-r.ever or copy-no-more watermark. (See ref 0.0.[5] for a definition of the terms copy-no- 
more, =opy-never and copy-once). Because it is relatively easier for a pirate to modify his own 
10 record* than the players of the customers to which he will try to sell his counterfeited video- 
material, perhaps playback control is more relevant. Playback control entails only allowing 
playback of content with a watermark, when the information carrier on which the content 
reside:; is of a nature compatible with the watermark. E-g. a movie with a watermark "copy- 
never* should always be on a factory pre-recorded ROM (or "silver") disk. If the movie 
15 reside* on a recordable ("golden") disk, or a non-authorized "silver" disk, playback should 
stop. (A more serious form of disk-type distinction is to check whether the pits on the disk do 
not lie on a regular spiral but on a slightly wobbled spiral; upon copying (even bit~copying) 
this "wobble" is lost). A similar system is envisioned for audio applications such as SACD and 
DVD-Audio, or other multimedia applications. 
20 From the point of view of implementing playback control in a digital player, the 

watermark detector will typically be part of a decoder, by decoder we mean that part of the 
player that is used to torn the bits from the information carrier into a visible/audible signal 
(e.g. an MPEG decoder—soft- or hardware—, and/or D/A-c on verier). On the other hand, the 
nature of the information carrier will be determined in the so-called drive, which reads the 
25 actual bits from tape/disk. The copy-protection information gathered by both pieces of 

functionality will have to be shared via some protocol, in order to effectuate playback control. 
See F gure 1 for a typical play-control set-up for a video player. 

In the sequel, we will use the terms 'decoder' and 'application' interchangeably. 
Prom a security standpoint, there is no serious problem in a stand-alone tabletop player, where 
30 integration and absence of a well-defined public interface between drive and decoder present 
almost insurmountable problems to the average hacker. In a Personal Computer environment 
however, drive and decoder are usually physically separate entities, connected via an open, 
well-documented (PCI) bus. Furthermore, they communicate under the guidance of an 
appropriate software application. 
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This has two implications: 

1. The drive and decoder have to decide independently whether to ceaae playback^ based on 
the information they obtain from each other. 

2. The software application orchestrating the actions of decoder and drive cannot be trusted 

5 with diis decision, as it is easily replaced by a malevolent version (perhaps downloaded from 
the internet). Moreover, this malevolent version may actively interfere with the autonomous 
playbirk control of drive/decoder by intentionally modifying messages from decoder to drive 
and vine versa. 



10 watermark is generally chosen to be content dependent (e.g. every movie will have it' s own 
watermark, such that hacking the watermark in one film, doesn't necessarily expose all films), 
which is to be coupled to an appropriate physical property of the disk, the so called physical 
mark or diskmark. In other words, the watermark carries a (single or multiple byte) payload, 
which is related to the payload of the physical disk property. Exchanging these two numbers 

IS securely between drive and decoder will be the subject of this invention disclosure. 



Appendix 0. This attack makes it necessary for the exchange protocol also to check whether 
the content arriving at the decoder is (a subset of) the data transmitted by the drive. 
Given the mass-product nature of esp. the drive, this protocol should be as simple as possible, 
20 and not interfere with the normal functionality of either drive or decoder. 
To surimarize, the protocol should be: 

I. secu re 

a) against man-in-the-middle attack. 
25 b) against a hacker obtaining watermark/drive payload 
H cheiip and simple in both soft- and hardware 
HI. not impair drive and decoder in their normal functioning 

IV. should be compatible with the constraints of existing standard interfaces, protocols and 
storage formats 

30 In this invention disclosure, wc will suggest a protocol that will satisfy the 

above liesign constraints. We will give a particular example for the case of DVD-video, which 

can probably be generalized to audio or other formats multimedia formats. 

The thiee main invention ideas (see section 3 Conclusions for a more general description) are: 



To increase the security of the watermarking copy protection system, the 



There exists a fairly easy hack, the so-called the man-in-the-middle attack, see 
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1. In general, to contiauously exchange between drive and application a characteristic of the 
content or summary that is being streamed, to avoid man-in-the~rniddle attacks. 

2. In particular for a DVD-video drive, ta use the presence of pack_start_code as the first 4 
bytes in a sector, as a criterion for considering that sector to contain video (or more precisely: 

S MPBC Program S tream information) 

3 .In particular for DVD- video, to base the characteristic/summary of bullet 0 on the 
SCRJ>ase[]MPEG-field, which can be guaranteed to be transmitted by the drive and received 
by the application; i.e. not to summarize all data but just the part related to the correct 



Protocol Characteristics 

Assumption ; because the communication between drive and application is to be tamper-proof, 
and preferably secret, we assume that through some means* a secret K % not known to the 
outside world, has been shared between drive and application. Examples are: 
15 1. The bus-key in CSS (Content Scrambling System, data encryption method for DVD- video 
disk) 

2. A universal secret embedded in drive-silicon and application-silicon. 

3. a key shared as the result of a to be defined secure authentication protocol (e.g. CSS-2). 
Typically K is a 64- or 128-bit number. 

20 Appendix 0 clarifying the Man-in-the-middle attack, concludes the following 

regard jig item 0 0 in section 0: the vulnerability exploited by this attack is that the decoder 
receives other data than that transferred by the drive. To thwart the attack, in the copy*control 
messages between drive and decoder: 

25 1. the ilrive needs to report to the decoder a summary of the video that it transmitted, 
2, the tiecoder needs to report to the drive a summary of the video that it received. 

This leads to the first invention claim, mentioned in the introduction. 



30 drive is sent to the decoder: e g, the table of contents of the disk and other file-management 
information is read from the disk and processed by the operating system, but not by the 
application! If the drive were making a summary based on all data transmitted and the decoder 
only oci the data it receives, a false alarm would be raised even during legal playback- 



SCRJ>ase[]- 



10 



A complication in this scenario is that not all of the data requested from the 
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6 14.04.1999 
It is therefore essential thai the summary that is being exchanged concerns only 
that pact of the data that will end up in the application! A particular problem is that this stream 
of summary verification messages has to be synchronized. 

Prom now on we will specialize to the case of DVD-Video, but we believe that 
S generalizations of the protocol that will be described, exist. 

For the particular case of DVD-Video, there is a way to construct such a unique summary. 
First off: all data on DVD-disks is divided into blocks of 2048 bytes called sectors. Currently, 
for the outside world to access data on the disk, the only way is to request entire sectors at a 
time 0 ,[2] , The specification of DVD video is such that video data that will be sent to the 

10 application (an MPEG decoder card) is never mixed with "administrative data" (which is not 
sent tc the decoder) in the same sector. The drive has no a priori knowledge, however, to 
distinguish sectors containing administrative data from those with video. 

According to the DVD-Video specification (0 Part 1), the data that will be 
received by the MFEG-decoder, the MPEG Program Stream stored on a DVD, is organized 

IS into a sequence of paekO's. all with length 2048 bytes. Every packO is stored in exactly I 
sector on the disk. Therefore the decoder also knows about sector-boundaries by identifying 
packQ's. A packQhaa a structure that can be found in Figure 2. 

When a sector starts with a 4-byte pack^3tart_code , the drive knows that this 
sector will eventually be received by the decoder. Conversely if the first 4 bytes of the sector 

20 do noi equal the pack_start_code > the sector is not bound for the decoder, and should be 

ignored for the ''summary** computadon. This solves the problem of selecting the right data to 
compute a summary on, and clarifies the second inven tion cla^ in flyy int roduction. 

Because it is computationally too intensive to compute, exchange and verify a 
summary C(iy of each sector that the drive transmits, the drive and decoder should select a 

25 few stttors/packOs based on their shared secret K. They will compute a unique feature of that 
sector, and securely exchange chat feature together with the watennark/disk-mark information. 
A pin ted software driver in the "Man-in-the-middle" scenario cannot abuse a compliant 
decoder by occasionally sending it a sector from the drive, and thus generating a valid Copy 
Control Message because (s)he would not know, which sector to send. 

30 In Table 1. the SCR .baseO-field, or systenuclockjceference.base[32^0] in 

MPEG-language, equals the number of ticks (mod 2 33 ) on the MPEG sysiem clock, which runs 
at 90 IcHz, The thiid invention claim in theintroduction is to use the value oL<his_ SCR_base[] 
field in a seetor/packQtogether with the secret key K to determine whether or not this 
sector /packQ is to be "summarized 9 . An example protocol to single out a sector for 
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*sumnaii2ing* is given in the flow-chart in Figure 3. The protocol also includes a way to 
exchange the value of the watermark/physical mark. 

K is the aforementioned shared secret 

- 7> is the SCR_ba&e[] of the selected sector that is to be 'summarized' 
S - C(7» is the digital summary of the selected sector 

- CGMS-D are the two Copy-Generation Management System bits, denoting the copy state of 
the content (copy-free, copy-once, copy never). 

- WM { is (part) of the watermark payload that is to be shared with the drive 

- F() is a function which obfuscates its argument. The argument is transmitted to the drive in 
10 this fC'im to keep the information secret and tampcr-proof , from the "man in the middle". An 

example would be a one-way hash-function. 

Typically, we would like to exchange a summary once per second, or 10 
secon is. (In the example protocol of Figure 3, the length of this period determined in step (2) 
by mcnitoring the flipping of bit TV of SCR_base[]. When N=l6 m as in the figure, the period is 

IS ticks -3- 90,000 ticks/sec =1.4 seconds. For #=17 we would 2x1 .4 = 2.8 sec. for 

+■5.6 sec etc.). Experiments with real DVD -video's suggest that in such a 1 sec period (and 
certainly in a 10 sec. period), there are ample sectors transmitted by the drive to allow the 
example algorithm to function properly. The algorithm of Figure 3 waits for 1.4 seconds, and 
then basically selects the AT 0 'th sector after that point, where Ko is derived from the shared 

20 secret K. 



Conclusions 

• In a drive «-» application protocol, drive and decoder need to verify that the content that 
they are transmitting viz. receiving is the same. This can be done by preferably securely 

25 exchanging summaries of the data bound for che application, and the data received by the 

application. 

• Fcr DVD-video, in implementing item 0. the drive and application cannot be absolutely 
certain which part of the data transmitted by che drive will be received by the decoder. To 
alleviate this problem the drive should only summarize sectors which start with the 4-byte 

30 pack_stait_code. An improvement to avoid accidental false alarms through occurrence of 

pacl^start_code in a non-video sector, is to also check that sector bytes 14. . . 17 contain 
this so-called video_pack w start_code =0x000OOlEO, For other recording formats, the 
equivalent of pack_start_code should be chosen: i.e. a sequence of bits which (to a high 



15:03 ^3 815707 ^IPiSSS P A RH30B Job-703 "cg^M-Z 

^4/^/4 "* nED 15:10 FAX 012^T 815707 rniLxro Ami RDH UKPO FILING — 

PHN 17.410 EPP 

8 14.04.1999 
probability) is unique to a block of data that will be sent to the application, (as opposed to 
another destination within the PC). 
• Because summarizing all sectors causes too much overhead (and is unnecessary from a 
s&mrity point of view) drive and decoder may just compute and exchange a summary or 
5 characteristic of specific sectors with pre-selected SCR^baseQ. These sectors should be 

known only to drive and application. This selection of sectors could be made, based on a 
shared secret K. For other recording formats, the summary can likewise be computed 
based on (a characteristic of) a subset of the data transmitted from drive to the application. 
Selocdon of the subset should be based an the shared secret K. 
10 • To avoid false alarms through a latency and delays in the communication between drive 
and application (beyond their control), both should store the last few summary-results 
against which they will verify incoming copy-protection messages. 

A Maii-in-the-Middle Attack 

15 

Consider the scenario in Figure 4. A PC with a copy protection compliant drive 
and compliant application (in this case an MPEG decoder card) is tricked into playing back an 
illegally copied disk with a watermarked film, by pirated software controlling drive and 
decoder. Obviously the pirated disk is without the proper diskmark. The software application 
20 controlling drive and decoder is pirated (downloaded from Internet etc.). The hack starts out 
with luting the drive and application authenticate each other, prior to playback. The drive sees 
no diskmark: this is not illegal in and of itself (a non copy-protected film on disk, or a legacy 
disk daesn't have a diskmark either). 

When playback starts, the pirated control software, requests data sectors from the drive, and 
25 sends them to a non-complumt decoder (e.g. legacy existing software), whilst supplying other. 

pre-re;orded data to the compliant decoder card, from, say. the hard-disk. The data from the 

disk- drive is watermarked, but this watermark is not recognized by the non-compliant decoder. 

The p]ie-recorded video from the hard-disk is not watermarked, so the compliant decoder 

doesn t see a watermark either. In this situation the compliant decoder will tell the compliant 
30 drive i hat it sees no watermarked video, bo playback should continue; the drive hasn't seen a 

diskmark so it also decides that playback is legal. 

The vulnerability exploited by this attack is obviously that the drive transfers 

data different from than that received by the decoder. To thwart the attack, in the copy-control 

messages. 
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1. the drive needs to report to the decoder a summary or characteristic of the video that it 
transmitted. 

2. the decoder needs to report to the drive a summary or characteristic of the video that it 
5 received. 

A complication in this scenario is that not all of the data requested from the 
drive is sent to the decoder: e.g. the table of contents of the disk and other file-management 
information is read and processed by the operating system, but not by the application! 
It is therefore essential that the summary that is being exchanged concerns only that part of the 
10 data th at will end up in the application! 
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CLAIMS: 



1. A method of copy protection substantially as described herein with reference to 

one or more of the accompanying drawings. 

2- A method of exchanging copy protection information regarding an information 

5 carrying medium substantially as described herein with reference to one or more of die 
accompanying drawings. 

3. A copy protection system substantially as described herein with reference to 

one oi more of the accompanying drawings. 

10 

4- A device substantially as described herein with reference to one or more of the 

accompanying drawings. 

5. A device wherein a method as claimed in Claim 1 or 2 is used for copy 

1 5 protec ing the content stored in the device. 
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ABSTRACT: 



A method is presented to allow a reader-unit (e.g. a DVD drive) and an 
application unit (e.g. an MPEG decoder) to exchange copy-protection information regarding 
the information carrying medium (disk) and the content on that medium. The method is 
crypto graphically secure, taking into account the situation where reader-unit and application - 
5 unit ars connected to an open bus in a Personal Computer. In view of the high-volume nature 
of the drive, the method can be implemented cheaply. The method is robust against a so-called 
man-hi-the-middle attack. 

Keywords: 

10 Copy- protection systems, watermarking, optical disk recording, cryptography, play-control. 
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Fig ue 1 Schematic of play control during playback for video in a player. In this set 
up. drive and application have their own play-control unit, e.g. because they are 
ph>aically separated — like in a PC. Nevertheless, they still rely on each other for 
information to enact proper play control. 
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Fig ire 2 Outline of a DVD-Video pack ( ) 
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1 S oa^°i 
8.hash=FAL3e 



(5) 




1 S w = SdUaaseU6J; 

a SaftdATAPI: *W**,/CGM3-D| r^Cfr^l*) 




Vsetr ff «0Cf^bc^c[3X r .03: 

2. read flWt* and oorrpute; - 
ghamderiaCc of this Doctor 

3. hash = FALSE; 



(1) optionally: buffer or 

* 10 arbitrary bytes 



CI) sca_ba*<9 I ) changing sign implies appro* 1 .4 o*e passed 



0) *d X Or^y sefld hash back ai fined intefvalfl, nol whao 
computed (otherwise part oi socrof K revealed) 
ad 3. Characteristic C^TJ ic optional, because T A p'ay* lh»* rale 
ad 4. 146 ie * MPEQ dock Ucki per sector ai 10.06 Mbe. 
optionally 1*£ can be' replaced by 12B. 



(4) ad 2. Optional characteristic C ean bo v«ry ftmaH. e.g. 1 bn 
because of the hash-function FQ. £.g. the parity of 
the flrsi Drta alter packet tajtft_aodc- 



Fig ure 3 Computation of the summary at the decoder for transmitting the watermark 
pay load securely to the drive. The drive goes through the same algorithm, but in step 
(3) replaces watermark payioad WM, by W, the payload value stoned in the diskmark. 
Note: in item (3) 4., H and K Q essentially select the K$-th sector after the beginning of 
the period signalled by SCK^toase [ 16 ] flipping. 
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(Phitae 1). do compliant authentication 




v J 



{Phase 2), Add non-compliant 
decoder 




c 



Streaming (pirated) content 



Non-Compliant 
(S/W) MPEG Decoder 

• no watermark detector 



Streaming hairofoBS contant 




Copy-control 
messages * 




Compliant 
MPEG Decoder 





Fig ure 4 It is necessary chat both drive and compliant decodcr/watermarfc-detector are 
taUcing about the same concent. If not, we can play back a pirated disk (no proper disk 
mark, but watermarked content) by splicing in dummy, non-watermarked content to 
the compliant decoder after the authentication phase. 



BEST AVAILABLE COPY 



15:03 

/ED 15:12 FAX Ol 1 



93 815707 
815707 



R-OOB Jbb-703 
UKPO FILING 



PHN 17.410 



Table 1 DVD Program Stream pack ( ) header 



riela 


Number of bits 


Value 


pack_start_code 


32 


00000 IB Ah 


'01' 


2 


01b 


SCR_bwiee[32 . .30] 


3 


SCIL_base[32] =0 


enarker_bit 


1 


lb 


SCH_baae[29. .15] 


15 




marker^bit 


1 


lb 


SCIO>asetl4. .0] 


15 




markerjait 


1 


lb 


SCR_extens i on 


9 




mAirkear^bi t 


1 


lb 


pr ogr aitLjmux.-r a t e 


22 


0169C3 x 


marker^bit 


1 


lb 


marker^ it 


1 


lb 


Reserved 


5 


lllllb 


p ack_s tuf f insr_length 


3 





